Re: [GNAP] I-D Action: draft-ietf-gnap-core-protocol-00.txt

Francis Pouatcha <fpo@adorsys.de> Tue, 03 November 2020 21:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/DbF2pj4C1asKTNLhQkyFteaG0sk>

Sort of late, but find below my initial remarks after a first thorough reading of draft-ietf-gnap-core-protocol-00.


A) Structure of the document

Grant negotiation is of an importance that requires the draft document to have a clean and understandable structure. This is missing. An example structure could be:

1- Introduction
2- Abstract Protocol Flow
3- Roles
    3.1- Role 1
        3.1.1- Definition
        3.1.2- Scenario
        3.1.3- Authentication
        3.1.4- Capabilities
    3.2- Role 2
4- Requests
    4.1- Resource Request
    4.2- Access Request
5- Elements
    5.1- Element 1
6- Interactions
    6.1- Interaction Type 1
        6.1.1- Protocol Flow
        6.1.2- Roles/Parties
        6.1.3- Elements
        6.1.4- Requests
    6.2- Interaction Type 2
        6.2.1- Protocol Flow
        6.2.2- Roles/Parties
        ....
    6.3- Interaction Type 3


B) Current Document

Roles description shall not hold any assumption on the physical structure of the party fulfilling the roles.

Roles:
-> Grant endpoint of the AS: why is this a POST request? This eliminates the chance of having a user-device-hosted AS (no server).
-> Resource Owner (RO): authorizes the request? Does it authorize the request or the access to a resource?


Missing Section Interactions:
--> This section shall introduce the notion of interaction before we start listing interaction types.

Interaction Types:
--> I prefer a classification into Redirect, Decoupled and Embedded. In the draft, we have one redirect and two decoupled interactions and nothing else.

Resource Access Request vs. Resource Request
--> Both are mixed up. No clarification of the context of each section.

Token Content Negotiation
--> Not expressed as such. This is central to GNAP and not represented enough in the document.

Requesting "User" Information
We identify two types of users: RQ and RO. It would be better not to refer to a user in this draft, but either to an RQ or an RO.


Dealing with the RC. Here we need a clean structure:
  -> Identification
     --> Entity vs. Instance
     --> Display Information
  -> Key location, legitimation
     --> Authentication
  -> Capability representation

Dealing with Users? This belongs to two sections:

Handling RQ
  -> Identification
     --> Display Information
  -> Credentials
     --> Authentication

Handling RO
  -> Identification
     --> Display Information
  -> Credentials
     --> Authentication


Interaction Again
-> For each interaction type, we will have to describe the protocol flow and the nature and behavior of the involved Roles (Parties), Elements and Requests.



Best regards
/Francis



________________________________
From: TXAuth <txauth-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Saturday, October 17, 2020 10:46 AM
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: txauth@ietf.org <txauth@ietf.org>
Subject: [GNAP] I-D Action: draft-ietf-gnap-core-protocol-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Grant Negotiation and Authorization Protocol WG of the IETF.

        Title           : Grant Negotiation and Authorization Protocol
        Author          : Justin Richer
        Filename        : draft-ietf-gnap-core-protocol-00.txt
        Pages           : 119
        Date            : 2020-10-17

Abstract:
   This document defines a mechanism for delegating authorization to a
   piece of software, and conveying that delegation to the software.
   This delegation can include access to a set of APIs as well as
   information passed directly to the software.

   This document has been prepared by the GNAP working group design team
   of Kathleen Moriarty, Fabien Imbault, Dick Hardt, Mike Jones, and
   Justin Richer.  This document is intended as a starting point for the
   working group and includes decision points for discussion and
   agreement.  Many of the features in this proposed protocol can be
   accomplished in a number of ways.  Where possible, the editor has
   included notes and discussion from the design team regarding the
   options as understood.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-gnap-core-protocol/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-gnap-core-protocol-00.html


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


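Francis's points on interaction types (redirect vs. decoupled) and on token content negotiation describe the negotiation only in the abstract. What follows is an added example written for this page; it is not code from draft-ietf-gnap-core-protocol-00, from the GNAP working group, or from the poster. It models a toy authorization server that narrows a requested access set to what it can grant, picks an interaction mode both sides support, lets the RO narrow the grant further, and binds the redirect-mode callback to the originating request with a hash that the client must verify before continuing. Every field name, URL, the redirect/decoupled/embedded vocabulary and the hash construction are assumptions of this example, loosely modelled on GNAP, not the draft's wire format.

```python
# Added example: a toy GNAP-style grant negotiation. Not code from draft-ietf-gnap-core-protocol-00
# or the GNAP WG; field names, URLs, the interaction-mode taxonomy and the hash are assumptions.
import base64, hashlib, hmac, secrets
from dataclasses import dataclass, field
from typing import Optional

REDIRECT, DECOUPLED, EMBEDDED = "redirect", "decoupled", "embedded"  # assumed taxonomy
GRANT_ENDPOINT = "https://as.example/grant"                           # hypothetical AS URL


def interact_hash(client_nonce: str, server_nonce: str, interact_ref: str) -> str:
    """Binds the RO's decision to the request that started it (assumed construction)."""
    msg = "\n".join([client_nonce, server_nonce, interact_ref, GRANT_ENDPOINT]).encode()
    return base64.urlsafe_b64encode(hashlib.sha512(msg).digest()).rstrip(b"=").decode()


@dataclass
class Grant:
    requested: set
    client_nonce: str
    mode: Optional[str] = None
    approved: set = field(default_factory=set)
    server_nonce: str = ""
    interact_id: str = ""
    interact_ref: str = ""
    continue_token: str = ""
    state: str = "pending"  # pending | interacting | approved | done


class AuthorizationServer:
    SUPPORTED_MODES = (REDIRECT, DECOUPLED)  # no embedded mode, as Francis reads the draft

    def __init__(self, known: set, consent_free: set):
        self.known, self.consent_free = known, consent_free
        self.by_continue, self.by_interact = {}, {}  # continuation token / interaction id -> Grant

    def _issue(self, g: Grant) -> dict:
        g.state = "done"
        return {"access_token": {"value": secrets.token_urlsafe(24), "access": sorted(g.approved)}}

    def _continuation(self, g: Grant) -> dict:
        self.by_continue.pop(g.continue_token, None)  # rotate: a replayed continuation request fails
        g.continue_token = secrets.token_urlsafe(24)
        self.by_continue[g.continue_token] = g
        return {"token": g.continue_token, "uri": GRANT_ENDPOINT + "/continue"}

    def grant_request(self, req: dict) -> dict:
        grantable = set(req["access"]) & self.known  # token content negotiation: unknown items are dropped
        needs_consent = grantable - self.consent_free
        g = Grant(requested=grantable, client_nonce=req.get("nonce", ""))
        g.mode = next((m for m in req.get("interact", []) if m in self.SUPPORTED_MODES), None)
        if not needs_consent or g.mode is None:
            # Nothing needs the RO, or no mutual way to reach the RO: issue now, narrowed to the consent-free part
            g.approved = grantable - needs_consent
            return self._issue(g)
        g.server_nonce, g.interact_id, g.state = secrets.token_urlsafe(16), secrets.token_urlsafe(16), "interacting"
        self.by_interact[g.interact_id] = g
        interact = {"mode": g.mode, "server_nonce": g.server_nonce}
        if g.mode == REDIRECT:
            interact["redirect"] = GRANT_ENDPOINT + "/interact/" + g.interact_id
        else:
            interact["user_code"] = g.interact_id  # decoupled: RO enters this on their own device (toy: real codes are short)
        return {"continue": self._continuation(g), "interact": interact}

    def ro_decision(self, interact_id: str, approved: set) -> Optional[dict]:
        """RO approves a subset on the AS's own UI; returns what the front-channel redirect carries, if any."""
        g = self.by_interact.pop(interact_id)
        g.approved = approved & g.requested  # RO may narrow, never widen, the request
        g.interact_ref, g.state = secrets.token_urlsafe(16), "approved"
        if g.mode != REDIRECT:
            return None  # decoupled: nothing returns through a front channel; the client polls
        return {"interact_ref": g.interact_ref,
                "hash": interact_hash(g.client_nonce, g.server_nonce, g.interact_ref)}

    def continue_grant(self, token: str, interact_ref: Optional[str] = None) -> dict:
        g = self.by_continue.get(token)
        if g is None:
            return {"error": "unknown_continuation"}
        if g.state == "interacting":
            return {"continue": self._continuation(g)}  # RO has not decided yet: keep polling
        if g.mode == REDIRECT and not (interact_ref and hmac.compare_digest(interact_ref.encode(), g.interact_ref.encode())):
            return {"error": "interaction_mismatch"}
        self.by_continue.pop(token)
        return self._issue(g)


def client_verify_callback(client_nonce: str, server_nonce: str, cb: dict) -> bool:
    """Client-side check before continuing: was this callback produced for *my* request?"""
    expected = interact_hash(client_nonce, server_nonce, cb["interact_ref"])
    return hmac.compare_digest(expected.encode(), cb["hash"].encode())


def run_redirect_flow() -> dict:
    """Full redirect-mode negotiation; returns the token plus the checks a client should see."""
    as_ = AuthorizationServer(known={"read", "write"}, consent_free={"read"})
    nonce = secrets.token_urlsafe(8)
    r1 = as_.grant_request({"access": ["read", "write", "admin"], "nonce": nonce,
                            "interact": [EMBEDDED, REDIRECT]})  # "admin" is unknown; "write" needs the RO
    cb = as_.ro_decision(r1["interact"]["redirect"].rsplit("/", 1)[1], {"read", "write"})
    bound = client_verify_callback(nonce, r1["interact"]["server_nonce"], cb)
    forged = client_verify_callback(nonce, r1["interact"]["server_nonce"], dict(cb, interact_ref="x"))
    token = as_.continue_grant(r1["continue"]["token"], cb["interact_ref"]) if bound else None
    replay = as_.continue_grant(r1["continue"]["token"], cb["interact_ref"])
    return {"token": token, "bound": bound, "forged_accepted": forged, "replay": replay}
```

Calling run_redirect_flow() walks the redirect path end to end; the decoupled path is the same object driven without a callback, with the client calling continue_grant() on each rotated continuation token until the RO's decision is in. The two checks worth taking from the toy are the client-side hash verification before continuing, so a callback from someone else's session cannot be swapped in, and the rotation of the continuation token on every use, so a captured continuation request cannot be replayed.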